CVE-2026-47325
Predictable Password Generation in ProjectsAndPrograms School-Management-System
Publication date: 2026-06-03
Last updated on: 2026-06-03
Assigner: CERT.PL
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| projectsandprograms | school-management-system | From 6b6fae5 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1391 | The product uses weak credentials (such as a default key or hard-coded password) that can be calculated, derived, reused, or guessed by an attacker. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-47325 is a vulnerability in the ProjectsAndPrograms school-management-system: the initial password for student and teacher accounts is generated solely from the user's date of birth, written as DDMMYYYY (for example, 12072000 for 12 July 2000). The system neither requires nor prompts users to change this default password on first login.
Because a date of birth is low-entropy (a few thousand plausible values for a school population), is often known to classmates, staff or relatives, and is never rotated, an attacker can derive or brute-force valid credentials and gain unauthorized access to user accounts.
How can this vulnerability impact me?
This vulnerability can lead to unauthorized access to student and teacher accounts within the school-management-system.
Attackers can exploit the predictable password scheme to compromise accounts, potentially gaining access to sensitive personal information and school-related data.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking whether user passwords are generated solely from the date of birth and whether the system forces a password change on first login.
To confirm it on your own deployment, attempt to authenticate to a test student or teacher account using the DDMMYYYY form of its date of birth, or, with database access, compare each account's stored credential against the password derived from its recorded date of birth.
There are no specific commands provided in the available resources to detect this vulnerability automatically.
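The following audit script is an added example, not code from the advisory or from the ProjectsAndPrograms project. It assumes that an administrator can export user records as a list of dicts with `username`, `dob` (ISO date) and `password`, and that the `password` column holds either plaintext or an unsalted MD5 hex digest (an assumption about storage, not something the advisory states). It uses the DDMMYYYY format from the advisory's example, flags accounts still on the DOB-derived default, and also shows the attacker's side: how small the keyspace is when the date of birth is unknown.

```python
"""Audit for DOB-derived default passwords (CWE-1391), in the shape described
for CVE-2026-47325. Added example; user records and storage format are assumptions."""
import hashlib
from datetime import date, timedelta
from typing import Dict, List, Optional

DOB_FORMAT = "%d%m%Y"  # 12072000 == 12 July 2000, as in the advisory


def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def dob_password(dob: date, fmt: str = DOB_FORMAT) -> str:
    """The password the vulnerable system would assign for this date of birth."""
    return dob.strftime(fmt)


def candidate_passwords(start_year: int, end_year: int, fmt: str = DOB_FORMAT) -> List[str]:
    """Every DOB-derived password for birth years start_year..end_year inclusive.
    This is the whole keyspace an attacker must try when the DOB is unknown."""
    d = date(start_year, 1, 1)
    end = date(end_year + 1, 1, 1)
    out = []
    while d < end:
        out.append(d.strftime(fmt))
        d += timedelta(days=1)
    return out


def matches(stored: str, candidate: str) -> bool:
    """Compare a stored credential with a candidate.
    Assumption: stored is either plaintext or a 32-hex-char unsalted MD5 digest
    (a plaintext password that happens to be 32 hex chars would be misread)."""
    if len(stored) == 32 and all(c in "0123456789abcdef" for c in stored.lower()):
        return md5_hex(candidate) == stored.lower()
    return stored == candidate


def audit(users: List[Dict[str, str]]) -> List[str]:
    """Usernames whose current credential still equals the DOB-derived default."""
    flagged = []
    for u in users:
        dob = date.fromisoformat(u["dob"])
        if matches(u["password"], dob_password(dob)):
            flagged.append(u["username"])
    return flagged


def recover_dob_password(stored: str, start_year: int, end_year: int) -> Optional[str]:
    """Attacker's view: with no DOB at all, try the whole DOB keyspace against
    one stored credential. Returns the matching password or None."""
    for cand in candidate_passwords(start_year, end_year):
        if matches(stored, cand):
            return cand
    return None


# Constructed sample export (not real data, not from the project).
SAMPLE_USERS = [
    {"username": "alice", "dob": "2000-07-12", "password": md5_hex("12072000")},  # hashed default
    {"username": "bob",   "dob": "1985-03-04", "password": "04031985"},           # plaintext default
    {"username": "carol", "dob": "2001-01-01", "password": md5_hex("Tq9!v3-wLx")},  # changed
]

if __name__ == "__main__":
    print("still on DOB default:", audit(SAMPLE_USERS))
    space = candidate_passwords(1990, 2010)
    print("DOB keyspace for birth years 1990-2010:", len(space), "passwords")
    print("recovered for alice without knowing her DOB:",
          recover_dob_password(SAMPLE_USERS[0]["password"], 1990, 2010))
```

The keyspace for a 21-year span of birth years is 7670 passwords, so even a rate-limited login endpoint can be exhausted in hours, and an exported hash table falls instantly. If the deployment stores passwords differently, replace `matches` with the corresponding verification call; the derivation logic is the same.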
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include forcing a password change on first login for every account still using its generated password, so the predictable value cannot remain in use.
Stop deriving initial credentials from dates of birth or any other attribute of the user; issue a random one-time password and deliver it out of band.
Implement a stronger password policy for all users: a minimum length, rejection of passwords that contain the user's date of birth in any common format, and salted, slow hashing for storage.
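An added example of the hardened credential flow, not the project's code: it issues a random one-time password from `secrets`, stores it with salted PBKDF2, keeps a `must_change` flag that the login routine enforces, and refuses replacement passwords that are too short or embed the user's date of birth. The in-memory store, the function names and the returned action strings are assumptions; in the real application the `"change_password_required"` result would become a redirect to the change-password page.

```python
"""Hardened initial-credential flow (added example; store and API are assumptions)."""
import hashlib
import hmac
import secrets
from datetime import date
from typing import Dict

# Shapes in which a user might embed a date of birth; all are rejected.
DOB_FORMATS = ("%d%m%Y", "%m%d%Y", "%Y%m%d", "%d-%m-%Y", "%Y-%m-%d")
PBKDF2_ITERATIONS = 200_000
MIN_LENGTH = 12


def hash_password(password: str) -> str:
    """Salted PBKDF2-HMAC-SHA256; the encoded string carries its own parameters."""
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    _algo, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def create_user(store: Dict[str, dict], username: str, dob_iso: str) -> str:
    """Create an account with a random one-time password and return that password
    so the caller can deliver it out of band. Nothing here depends on the DOB."""
    temp = secrets.token_urlsafe(12)  # ~96 bits of entropy
    store[username] = {
        "dob": date.fromisoformat(dob_iso),
        "hash": hash_password(temp),
        "must_change": True,
    }
    return temp


def is_acceptable(new_password: str, dob: date) -> bool:
    """Policy check: minimum length and no date of birth in any listed format."""
    if len(new_password) < MIN_LENGTH:
        return False
    return not any(dob.strftime(fmt) in new_password for fmt in DOB_FORMATS)


def change_password(store: Dict[str, dict], username: str, new_password: str) -> bool:
    u = store[username]
    if not is_acceptable(new_password, u["dob"]):
        return False
    u["hash"] = hash_password(new_password)
    u["must_change"] = False
    return True


def login(store: Dict[str, dict], username: str, password: str) -> str:
    """Returns 'denied', 'change_password_required' or 'ok'."""
    u = store.get(username)
    if u is None or not verify_password(password, u["hash"]):
        return "denied"
    return "change_password_required" if u["must_change"] else "ok"


if __name__ == "__main__":
    users: Dict[str, dict] = {}
    temp = create_user(users, "alice", "2000-07-12")
    print("one-time password issued (deliver out of band):", temp)
    print("login with DOB default:", login(users, "alice", "12072000"))
    print("login with one-time password:", login(users, "alice", temp))
    print("weak change accepted?", change_password(users, "alice", "born12072000x"))
    print("strong change accepted?", change_password(users, "alice", "Correct-Horse-Battery-9"))
    print("login after change:", login(users, "alice", "Correct-Horse-Battery-9"))
```

The `must_change` flag is what closes the gap the advisory describes: an account created by this flow cannot be used for anything beyond setting a new password until the generated credential is gone, and existing accounts can be migrated by setting the flag on every row still matching its DOB-derived default.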
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability involves the use of predictable credentials based solely on users' dates of birth without requiring password changes upon first login. This weakness allows attackers to easily guess or derive valid credentials, leading to unauthorized account access.
Such unauthorized access to user accounts, especially in a school-management system handling personal data, could lead to violations of data protection regulations like GDPR or HIPAA by compromising the confidentiality and security of personal information.
However, the provided information does not explicitly discuss the impact on compliance with these standards or any regulatory consequences.